The San Francisco Municipal Transportation Agency was the victim of a ransomware attack this on Friday. Serving almost 200,000 riders a week, it seems the security at Muni Metro leaves something to be desired. All ticketing computers were locked out, reading the message “You hacked, ALL Data Encrypted.” As is standard in ransomware attacks — but certainly not in the daily activities of San Francisco’s transit riders —, the hack demanded that a ransom would have to be paid through provided contact information. The San Francisco Examiner contacted the alleged hackers and was told the amount of Bitcoin requested by the ransomware came to 73,000 USD.
While ticketing services resumed on Sunday, the investigation into the attack is still open.
The SFMTA issued the following statement on Sunday:
On Nov. 25, the SFMTA was a victim of a ransomware attack. This cybercrime disrupted some of our internal computer systems including email. Transit service was unaffected and there were no impacts to the safe operation of buses and Muni Metro. Neither customer privacy nor transaction information were compromised.
The situation is now contained, and we have prioritized restoring our systems to be fully operational.
As this is an ongoing investigation, it wouldn’t be appropriate to provide additional details at this time.
Ransomware is a form of malware that covertly downloads onto a computer system, compromising it, and demanding payment in order to restore the system to good order. Ransomware is on the rise (some attacks being more effective than others). Just this year, computers used at healthcare facilities in the U.S., Germany and New Zealand were the victim of a ransomware attack.